On Sat, Dec 1, 2018 at 6:59 PM Tony Arcieri <basc...@gmail.com> wrote:
> This does not seem to address a problem which was brought up when the
> similar draft-green-tls-static-dh-in-tls13-00 was discussed, namely any
> system in possession of one of the non-ephemeral-ECDHE private keys,
> ostensibly for the purposes of passive traffic decryption, can arbitrarily
> resume decrypted sessions and therefore impersonate any observed clients.
>
> I'm not a fan of systems like this, but I believe for security reasons
> they should be designed in such a way that only the confidentiality of
> traffic is impacted, and a "visibility" system isn't able to leverage the
> decrypted traffic to resume decrypted sessions and thereby impersonate
> clients.

I do not understand why the ETSI solution does not provide the ability to impersonate clients/servers.

--
SY, Dmitry Belyavsky
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls